Email Phishing – Back to bait… (pt. 9)

A couple of chapters back we looked at the bait threat actors use to get you – relaxed and happily working away on your laptop – to open their phishing email and then open their malicious attachment. But the infected attachment is not the only way the hacker can get you – there are links.

Email Phishing and links – what do they want?

In many cases the social engineering message in a phishing email with links aimed at a business user will be trying to persuade you to log into your M365 (most often) or Google Workspace account. The usual way is to let you know politely that, “your account is about to expire”, or “we have encountered a problem with your account”, or “this is a security check, please confirm your email address and password to continue working”. I could go on inventing suitable phrases, with just enough dilemma that a busy person may click on the link, but neither I nor the threat actors have to do that now; we’ll just let Microsoft Copilot do it for us.


When you follow the link, the “usual” login dialogue box appears, asking for your email address and password. But it is not the usual login box: it simply forwards your valuable credentials to the threat actor’s server and from there, probably, on to the Dark Web, where they are sold.
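One way a defender can pick out this kind of link before a user ever sees the fake login box is to compare where a link claims to go with where it actually goes. The script below is an added example, not code from the original article: it parses the anchors out of an HTML email body and flags any link whose visible text reads like a sign-in prompt, or is itself a URL naming a different host, while the real target is not on a small allow-list of genuine Microsoft and Google sign-in hosts. The allow-list and the sample email are constructed for the demonstration; the lookalike domains in it use the reserved `.example` suffix.

```python
"""Flag suspicious login links in an HTML email body.

Added example (not from the original article).  The allow-list below and the
sample email at the bottom are constructed for this demonstration; extend the
allow-list with your own tenant's sign-in hosts before using it for real.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allow-list of genuine sign-in hosts.
LEGIT_LOGIN_HOSTS = {
    "login.microsoftonline.com",
    "login.live.com",
    "accounts.google.com",
}

# Words in visible link text that suggest the link is posing as a login step.
LOGIN_WORDS = ("sign in", "log in", "login", "verify", "confirm", "account", "password")


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._text).strip()))
            self._href = None


def extract_links(html):
    """Return every (href, visible text) pair found in the HTML."""
    parser = _LinkCollector()
    parser.feed(html)
    parser.close()
    return parser.links


def host_of(url):
    """Lower-cased host of a URL, or '' if there is none or it cannot be parsed."""
    try:
        return (urlparse(url).hostname or "").lower()
    except ValueError:
        return ""


def is_suspicious_login_link(href, text):
    """True when the link poses as a sign-in but does not go to a known sign-in host.

    Two signals are used: the visible text contains login wording, or the visible
    text is itself a URL whose host differs from the real target (display/href mismatch).
    """
    host = host_of(href)
    if host in LEGIT_LOGIN_HOSTS:
        return False
    low = text.lower()
    claims_login = any(word in low for word in LOGIN_WORDS)
    shown_host = host_of(text) if "://" in text else ""
    text_mismatch = bool(shown_host) and shown_host != host
    return claims_login or text_mismatch


def scan_email(html):
    """Return the (href, text) links in an email body that should be treated as suspect."""
    return [(h, t) for h, t in extract_links(html) if is_suspicious_login_link(h, t)]


# Constructed sample: an "account about to expire" lure, a genuine Google link,
# and a link whose visible text is a Microsoft URL but whose target is elsewhere.
SAMPLE_EMAIL = """
<p>Your mailbox is about to expire.</p>
<p><a href="https://login-microsoft0nline.example/verify">Sign in to keep your account</a></p>
<p><a href="https://accounts.google.com/">Google account</a></p>
<p>Or use <a href="https://m365-secure.example/">https://login.microsoftonline.com</a></p>
"""

if __name__ == "__main__":
    for href, text in scan_email(SAMPLE_EMAIL):
        print(f"SUSPECT: {text!r} -> {href}")
```

Run against the constructed sample, the first and third links are reported and the genuine Google link is not. A mail gateway rule or a user-facing “report phishing” button can apply the same two checks; the allow-list is deliberately small, because anything claiming to be a login page that is not on it deserves a closer look.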

Email Phishing – links, variations on a theme

I could list all the variations on this theme here, but tomorrow there would be ten new ones. What you and your team need to take away is that this type of attack comes in many forms, and if it reaches your inbox you need a defence. That defence is usually training plus a company procedure for checking and changing credentials.

MFA

Do not forget MFA is an essential cyber security step and defence.

Too easy…

I can hear you saying now, “It sounds too easy – surely people don’t click on a link and then give away their credentials?” Yes, they do, and recently published research shows that users follow links and that threat actors work hard to maintain their credential-harvesting domains (Saric et al., 2024).

You need to make sure your team members know what to expect.

Next

Something technical from Octagon’s Operations Manager.


Clive Catton MSc (Cyber Security)

References

Saric, K., Savins, F., Ramachandran, G. S., Jurdak, R., & Nepal, S. (2024). Hyperlink Hijacking: Exploiting Erroneous URL Links to Phantom Domains. In Proceedings of the ACM on Web Conference 2024 (pp. 1724-1733).

Further Reading

Credentials – A Primer

MFA – A Primer

Back-to-Basics – Phishing Email Primer

Phishing Primer – Social Engineering (pt. 1)

Phishing Primer – Social Engineering (pt. 2)

The Phishing Email and AI (pt. 3)

Phishing Primer – Phishing Types (pt. 4)

Email phishing needs bait… (pt 5)

Phishing Attacks – It is in the numbers. (pt 6)

Nothing is true, everything is a scam (pt.7)

Phishing Email – It is about time we looked at some… (pt.8)

Photo by Peter Olexa